Hi, You're here because you've had issues with your implementation of In-App Provisioning Extensions for Apple Pay In-App Provisioning or In-App Verification. To prevent sending sensitive credentials in plain text, create a new report in Feedback Assistant to share the details requested below with the appropriate log profiles installed. Gathering Required Information for Troubleshooting Apple Pay In-App Provisioning or In-App Verification Issues While troubleshooting Apple Pay In-App Provisioning or In-App Verification, it is essential that the issuer is able to collect logs on their device and check those logs for error message. This is also essential when reporting issues to Apple. To gather the required data for your own debugging as well as reporting issues, please perform the following steps on the test device: Install the Apple Pay and Wallet profiles on your iOS or watchOS device. If the issue occurs on Mac, continue to Step 2. Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video. Gather a sysdiagnose on the same iOS or watchOS device, or on macOS. Create a Feedback Assistant report with the following information: The bundle IDs App bundle ID Non-UI app extension bundle ID (if applicable) UI app extension bundle ID (if applicable) The serial number of the device. For iOS and watchOS: Open Settings > General > About > Serial Number (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > Serial Number. The SEID (Secure Element Identifier) of the device, represented as a HEX encoded string. For iOS and watchOS: Open Settings > General > About > SEID (tap and hold to copy). For macOS: Open the Apple () menu > About This Mac > System Report > NVMExpress > Serial Number. The sysdiagnose gathered after reproducing the issue. The timestamp (including timezone) of when the issue was reproduced. The type of provisioning failure (e.g., error at Terms & Conditions, error when adding a card, etc.) The issuer/network/country of the provisioned card (e.g., Mastercard – US) Last 4 digits of the FPAN Last 4 digits of the DPAN (if available) Was this test initiated from the Issuer App? (e.g., yes or no) The type of environment (e.g., sandbox or production) Screenshots or videos of errors and unexpected behaviors (optional). Important: From the logs gathered above, you should be able to determine the cause of the failure from PassbookUIService, PassKit or PassKitCore, and by filtering for your SEID or bundle ID of your app or app extensions in the Console app. Submitting your feedback Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Apple Pay client. After your submission to Feedback Assistant is complete, please respond in your existing Developer Forums post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your client, a configuration issue within your developer account, or an underlying system bug. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

Hi, To ensure the issue is not caused by an error within your app or web service request, please review the following documentation: Wallet Passes Wallet Developer Guide If the resources above don’t help identify the cause of the error, please provide more information about your app or web services to get started. To prevent sending sensitive credentials in plain text, create a report in Feedback Assistant to share the details requested below. Additionally, if the error is something we need to investigate further, the appropriate engineering teams also have access to the same information and can communicate with you directly within Feedback Assistant for more information, as needed. Please follow the instructions below to submit your report. For issues occurring with your native app or web service, perform the following steps: Install the Wallet profile on your iOS or watchOS device. Reproduce the issue and make a note of the timestamp when the issue occurred, while optionally capturing screenshots or video. Gather a sysdiagnose on the same iOS or watchOS device. Create a Feedback Assistant report with the following information: The serial number of the device. Open Settings > General > About > Serial Number (tap and hold to copy). The SEID (Secure Element Identifier) of the device, represented as a HEX encoded string. Open Settings > General > About > SEID (tap and hold to copy). The sysdiagnose gathered after reproducing the issue. The .pkpass file(s), pass signing certificate(s) and pass type identiifier(s) (optional). The timestamp of when the issue was reproduced. Screenshots or videos of errors and unexpected behaviors (optional). Important: From the logs gathered above, you should be able to determine the cause of the failure from PassbookUIService, PassKit or PassKitCore, and by filtering for your SEID or pass type identifier in the Safari Web Inspector. See Inspecting Safari on macOS to learn more. Submitting your feedback Before you submit to Feedback Assistant, please confirm the requested information above is included in your feedback. Failure to provide the requested information will only delay my investigation into the reported issue within your Wallet pass implementation. After your submission to Feedback Assistant is complete, please respond in your existing Developer Forums post with the Feedback ID. Once received, I can begin my investigation and determine if this issue is caused by an error within your web implementation, a configuration issue within your developer account, or an underlying system bug. Cheers, Paris X Pinkney |  WWDR | DTS Engineer

In Xcode, under Signing & Capabilities (Release) for our bundle ID the selected provisioning profile does include the entitlement: com.apple.developer.payment-pass-provisioning However, when we upload a new build to TestFlight, the Build Metadata → Entitlements section for the same bundle ID does not include com.apple.developer.payment-pass-provisioning. Because of this, PKAddPaymentPassViewController does not open in TestFlight builds. This suggests that while the entitlement is enabled for the App ID and visible in Xcode, it may not yet be propagated to App Store Connect’s signing service for TestFlight/App Store builds. Please Note: The Wallet Entitlements team had confirmed that they had granted entitlements for our team and the apple IDs Xcode : 26.0.1 Profile being used: Distribution Profile

Hello, I'm implementing the wallet extension but I found a problem in the passEntries function. This following part is giving nil ando I don't know why if let entry = PKIssuerProvisioningExtensionPaymentPassEntry( identifier: element.id, title: element.cardType ?? "Card", art: self.testImage()!, addRequestConfiguration: config! ) { entries.append(entry) } I debug and all the arguments have information but it doesn't create the entry

Hello, I'm implementing the wallet extension for a financial app. Right now I'm having a problem, I want to redirect to the main app when the user hasn't logged in. Is it possible? This is my code in the WalletUI. It just doesn't work. let urlString = "bank://login" guard let url = URL(string: urlString) else { return } self.extensionContext?.open(url, completionHandler: { success in if !success { print("Success") } else { self.completionHandler?(.canceled) } }) }

Hello there, We’re currently integrating Apple Wallet pass functionality into our application and am looking for clarification around the automatic update flow. Particularly regarding secure management of the authenticationToken. We’ve reviewed the documentation here: Adding a Web Service to Update Passes authenticationToken Documentation From our understanding: When a user downloads a pass from our service, the .pkpass includes both a webServiceURL and an authenticationToken. Once the pass is added to Wallet, the Wallet app makes authenticated requests to our webServiceURL, using the token in the Authorization header. We then validate this token server-side to serve updates or handle device registration. So far, this flow is clear. However, we’re looking for clarification on two key scenarios: If a user adds the same pass twice on the same device, should the authenticationToken remain the same in both cases? If the same user adds the same pass on a different device, should the authenticationToken also remain consistent across devices? If the answer to both is “yes,” we assume that our backend must store the original authenticationToken in a retrievable form (not just as a hash) to regenerate the same pass for re-download or multi-device sync. Our main question is: What is Apple’s recommended or acceptable approach to storing authenticationToken values securely on the backend? Should these tokens be: Stored in plaintext (e.g. in a protected DB field)? Encrypted using a symmetric key? Hashed (not reversible, but limits reuse)? We want to ensure we align with Apple’s best practices for Wallet security and token management, especially in contexts where the same pass may be installed on multiple devices or reissued later.

During Apple Pay in-app provisioning (EV_ECC_v2), our iOS app successfully obtains the issuer provisioning certificates and generates cryptographic material. The flow fails when Apple posts the card blob to Apple’s broker (card creation step), returning HTTP 500 from .../broker/v4/devices/{SEID}/cards. Steps: Call issuerProvisioningCertificates?encryptionVersion=EV_ECC_v2 → 200 OK; returns ECC leaf + Apple Root CA chain; nonce=2a831be4. 2. Build {encryptedCardData, activationData, ephemeralPublicKey} 3. POST /broker/v4/devices/{SEID}/cards Expected: 200 OK on /broker/v4/devices/{SEID}/cards, or 5xx with a descriptive error if payload/cryptography is invalid. Observed: 500 Internal Server Error from Apple broker on /cards (labeled “eligibility” in PassKit logs), causing a terminal failure in Wallet UI.

Hi, I’m encountering an issue in my app’s Wallet Extension, specifically within the Non-UI Extension, where we are unable to retrieve payment passes bound to a user’s account. The same code that successfully retrieves these bound cards in the main app does not work when used in the Non-UI Extension. Case-ID: 8932090 Steps to Reproduce: Set up In-App Provisioning: Ensure that the app has the necessary In-App Provisioning permissions. This functionality works correctly in the main app, confirming that the permissions are properly configured. Configure Wallet Extensions: Follow the Wallet Extensions documentation to configure the app, including all required settings for the Non-UI Extension. Add Code to Retrieve Payment Passes: In the main app’s LoginView, implement the following code in the handleLogin() method to retrieve payment passes: // Get the identifiers of payment passes that already exist in Apple Pay. paymentPassLibrary = self.passLibrary.passes(of: .secureElement) for pass in paymentPassLibrary { if let identifier = pass.secureElementPass?.primaryAccountIdentifier { if pass.isRemotePass && pass.deviceName.localizedCaseInsensitiveContains("Apple Watch") { remotePassIdentifiers.insert(identifier) } else if !pass.isRemotePass { passIdentifiers.insert(identifier) } } } Verify Functionality in Main App: Run the app and verify that the code successfully retrieves the payment passes bound to the user’s account. Implement Code in Non-UI Extension: Add the same code to the Non-UI Extension, specifically in the WNonUIExtHandler class within the override func status(completion: @escaping (PKIssuerProvisioningExtensionStatus) -> Void) method. Test in Wallet Extension: Run the Wallet Extension and observe that the payment passes are not retrieved when the code is executed in the Non-UI Extension. Has anyone encountered a similar issue or can provide insight into why the code might not work in the Non-UI Extension compared to the main app? Support Information: iOS Version: 17.5.1 Development environment: Xcode 15.4 (15F31d), macOS 14.3 (23D56) Any help or suggestions would be greatly appreciated. Thank you!

Hello Dear Network, We are developing a banking application and are implementing Apple Wallet In-App Provisioning with Wallet UI and Non-UI extensions. Our App Store submission fails with the error: "Missing entitlement com.apple.developer.payment-pass-provisioning" for both Wallet UI and Non-UI extensions. In the Apple Developer portal, we do not see the "Apple Pay" or "In-App Provisioning" capabilities available for our App ID or extension App IDs. We would like to request enablement of: Apple Pay Payment Pass Provisioning In-App Provisioning for our Apple Developer Team and related App IDs. Please let us know what we need to do for can upload build with that Entitlements, what can be problem? Thank you.

Hello, I'm using PassKit with to perform Apple Pay payment in a financial application. Our approach are: On iOS application, define PKMerchantCapability threeDSecure and credit, perform apple pay experience and get the encrypted response. On PCI service, receive the encrypted data Payment token, decrypt this data, and use to perform the payment. The problem is, in MasterCard transaction the eciIndicator is missing. I want to know if has some rule or problem about it.

Hello, we are developing in app provisioning of our American Express network cards. After clicking add to apple wallet in our app, I launch the PKAddPaymentPassViewController and click next. It loads for a few seconds and then I get: [<private>] ProvisioningOperationComposer: Step '<private>' failed with error Error Domain=PKProvisioningErrorDomain Code=5 UserInfo={PKErrorHTTPResponseStatusCodeKey=500} Does anyone have any insight on what this error means?

G'day. At my office the doors are locked with an NFC reader. We carry around a little NFC tag on our key chains which will read out a number and this then will open the door if the number matches a number in the database. I am tired of carrying around the tag, people keep loosing it, forgetting it and it would be nice to open the door using a Phone - which we tend to always have on us. So I used a credit card which is NFC enabled to readout the NFC information, added this number to the database and can now open doors using my credit card. This is pretty cool. If I forget my keys (most likely they will be on the desk but silly me left the desk without them), I may have my wallet with me. Then I tried Wallet.app on my iPhone and select the same credit card. However the door doesn't open. When looking in the door software I noticed that the tags will always transmit the same number. So does my credit card. However Wallet.app will read out 4 readings (or maybe just one very long one) and they are always different. So I can not make them match with the door database. Any ideas how to make this work? Can I give somehow wallet.app an NFC number which I can then add to my door database? Or how come the credit card and the very same one in wallet.app don't match? Thanks for your help! Would be neat if I could make this work out. This will make a lot of people happy at my office! Cheers!

I'm implementing the in app provisioning in a financial project. I got my entitlement identifier, I'm also implementing the wallet extension but I have the problem with Xcode. Domain: IXUserPresentableErrorDomain Code: 1 ... NSExtensionPointIdentifier key in the NSExtension dictionary in its Info.plist that does not correspond to a known extension point. But I'm not sure what does this mean, I reviewed the info.plist form the project and the wallet extension

Hello, We watched the WWDC25 presentation about Apple Wallet on the upgrade boarding pass features with Live Activities. We’re interested in integrating this into our app for iOS 26 beta testing. Could you please provide: Sample code or example projects API documentation Implementation guidelines Details on sharing functionality Thanks in advance!

Hello everyone, My team is exploring the implementation of an Apple Wallet pass for a loyalty program linked to a brand in an age-restricted product category. The intended use cases for the Wallet pass are: Member identification at events — Quick verification at brand events or exclusive venues, with tier-based perks (e.g., priority entry for higher tiers) Support services — Members present their card at retail locations to receive assistance Tier and points display — Dynamic visual changes based on loyalty level and current points balance Notifications — Pass updates for expiring points, upcoming events, or relevant announcements The pass would function as a standard Store Card (membership/loyalty) — no payments, no stored value, just identification and informational display. Before investing development effort, I'd like to understand: Has anyone successfully implemented Wallet passes for brands in restricted categories (tobacco, alcohol, etc.)? Are there specific guidelines or restrictions I should be aware of beyond the standard Wallet documentation? Is there a recommended channel to get official guidance from Apple on eligibility before building? Any insights or experiences would be appreciated. Thanks!

Hi, We are distributing pk pass files via a web browser. When a user taps Add in the system pass preview, the pass is added successfully, the preview is dismissed, and the user remains in the browser. From a user experience perspective, we would like to better guide users to their newly added pass in Apple Wallet. Is there a supported API, URL scheme, or documented mechanism that allows a web-based flow to transition the user to the Wallet app after a pass has been added? If direct app transitions are not supported in this scenario, what is the recommended best practice for helping users locate and open their newly added pass in Wallet? Thank you for your guidance.

Hi, When I try to add a card to wallet, I get this PKPassKitErrorDomain Code=2 error from my logs, and from the SysDiagnose, I get some more detailed error log Error details: Date: December 15, 2025 Time: 15:16 UTC Request URL: https://nc-pod9-smp-device.apple.com:443/broker/v4/devices/041B4183BA1490022104102123315131EBFE2BE7… Response: HTTP Status: 500 – Internal Server Error Time profile: 0.505452 seconds Response headers: Server: Apple Content-Type: text/html X-Content-Type-Options: nosniffStrict-Transport-Security: max-age=31536000; includeSubdomainsDate: Mon, 15 Dec 2025 15:16:59 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=blockCross-Origin-Opener-Policy: same-origin Content-Length: 170 Connection: close Response body: Anyone have faced this problem before?

I´m tring to integrate InApp push provisioning but when I send the information from the issuer to SDK to add my debit card to wallet I saw this error: PKPassKitErrorDomain Code 2 error Looking in the forum I found how to see part of the logs to get more detail on the error and I found: POST https://pr-pod9-smp-device.apple.com:443/broker/v4/devices/04131B65D01590022288082867404947F3CCA674C3D41F3C/cards/683986c983984251b9aecfc8ff51d88a/enable 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Error inesperado." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Error inesperado.

I'm creating an event ticket Apple Wallet Pass and setting a light-coloured background image. When I do this, it automatically sets the foregroundColor to white, even when I explicitly set it to black. What's strange is that on my Mac, the foregroundColor appears as intended, and I can set it to any color I want, but when I AirDrop the pass to my iPhone, it sets the color to white, regardless of what I set the foregroundColor to. This means the text becomes completely illegible for my users, with white text on a white background image. If I remove the background image, the foregroundColor works fine. Is there a way to have a light-colored background image with dark text, or am I forced to have a dark-colored background image? Here are the colors in my pass.json: backgroundColor: "rgb(255, 255, 255)" foregroundColor: "rgb(0, 0, 0)" labelColor: "rgb(0, 0, 0)" I've attached what the pass looks like on my Mac and my iPhone.

Hi, I am developing an app that uses the Host Card Emulation (HCE) technology available on iOS. Our team is using the official HCE app entitlement, and we are testing the SDK’s behavior when the app is selected as the default contactless payment application. On devices located in supported regions, the system automatically displays a setting where the user can choose the default app. For colleagues who are located in those regions, the toggle appears normally. For development and QA purposes, I would like to understand whether there is an officially supported method to test the default-app selection behavior on devices that are not in a region where the feature is available. Any guidance on the correct testing approach would be appreciated. Thank you!