Apple Wallet Integration for Event Tickets in Mobile Apps
A concert or conference ticket is an eventTicket-type .pkpass. Unlike boardingPass, there's no transitType, the field structure is different, and special attention must be paid to the strip.png field — it forms the "header" with event imagery. Without strip.png of the correct size (624×246 @1x or 1248×492 @2x), the card looks bare and impersonal.
pass.json for eventTicket
{
"formatVersion": 1,
"passTypeIdentifier": "pass.com.yourtickets.event",
"serialNumber": "EVT-CONCERT-2024-USER42",
"teamIdentifier": "ABCDE12345",
"organizationName": "YourTickets",
"description": "Concert Ticket for Ivan Ivanov",
"foregroundColor": "rgb(255,255,255)",
"backgroundColor": "rgb(20,20,20)",
"labelColor": "rgb(180,180,180)",
"eventTicket": {
"primaryFields": [
{ "key": "event", "value": "Ivan Ivanov Concert", "label": "Event" }
],
"secondaryFields": [
{ "key": "venue", "value": "Olympiski", "label": "Venue" },
{ "key": "date", "value": "2024-09-21T20:00+03:00", "label": "Date",
"dateStyle": "PKDateStyleMedium", "timeStyle": "PKDateStyleShort" }
],
"auxiliaryFields": [
{ "key": "seat", "value": "Sector A, Row 5, Seat 12", "label": "Seat" },
{ "key": "category", "value": "VIP", "label": "Category" }
],
"backFields": [
{ "key": "order", "label": "Order Number", "value": "ORD-987654" },
{ "key": "rules", "label": "Entry Rules", "value": "Entry no earlier than 30 minutes before start" }
],
"barcode": {
"message": "EVT-CONCERT-2024-USER42",
"format": "PKBarcodeFormatQR",
"messageEncoding": "iso-8859-1",
"altText": "EVT-CONCERT-2024-USER42"
}
},
"relevantDate": "2024-09-21T19:30+03:00",
"expirationDate": "2024-09-21T23:59+03:00",
"locations": [
{
"latitude": 55.7806,
"longitude": 37.5617,
"relevantText": "You are near the event venue"
}
]
}
expirationDate — after this date, Wallet automatically moves the pass to the archive and offers to delete it.
QR Validation During Scanning
The barcode message content is what a scanner at entry reads. Validation logic is entirely server-side: the scanner sends a string to POST /tickets/validate, the server checks ticket status in the database and returns valid/already_scanned/invalid.
Important: the .pkpass file itself contains no information about whether the ticket has been used. Scan data is stored only on the server.
Protection from Screenshots
QR codes in Wallet cannot be protected from screenshots using iOS features. For events with high resale risk, use a rotating barcode — the barcode.message field in pass.json is updated every 30–60 seconds via APN push. Even if a user takes a screenshot, it becomes invalid within a minute.
Implementation: the server stores a seed for each ticket, generates a TOTP-like code, sends a push to Wallet → device requests a new .pkpass → old QR becomes stale.
Group Tickets
If a single order contains multiple seats — each ticket is a separate .pkpass with its own serialNumber. You cannot group multiple passes into one archive. For batch submission in the app, use PKAddPassesViewController(passes:):
let passes = ticketDataArray.compactMap { try? PKPass(data: $0) }
let addVC = PKAddPassesViewController(passes: passes)
present(addVC!, animated: true)
The controller displays all tickets in a list — users add them with a single tap.
Timeline
2–3 days: generating eventTicket passes on the server, implementing server-side QR validation API, implementing rotating barcode if needed. Pricing is calculated individually.